
coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by 
this push:
     new 8d7b68ff1 Enforce a password is only obtained from a callbackhandler 
and not the message context any more
8d7b68ff1 is described below

commit 8d7b68ff1c4226ad3d3ab630c380fa56f2e6c12a
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Wed Jun 18 12:07:31 2025 +0100

    Enforce a password is only obtained from a callbackhandler and not the 
message context any more
---
 .../org/apache/wss4j/dom/action/ActionUtils.java   | 32 +++++++++++
 .../wss4j/dom/action/EncryptionDerivedAction.java  |  2 +-
 .../wss4j/dom/action/SAMLTokenSignedAction.java    |  2 +-
 .../apache/wss4j/dom/action/SignatureAction.java   |  2 +-
 .../wss4j/dom/action/SignatureDerivedAction.java   |  2 +-
 .../wss4j/dom/action/UsernameTokenAction.java      |  2 +-
 .../dom/action/UsernameTokenSignedAction.java      |  2 +-
 .../org/apache/wss4j/dom/handler/WSHandler.java    | 47 ---------------
 .../org/apache/wss4j/dom/common/CustomHandler.java | 12 ----
 .../dom/handler/SignatureConfirmationTest.java     | 10 ++--
 .../dom/handler/WSHandlerGetPasswordTest.java      | 67 ----------------------
 .../apache/wss4j/dom/message/PasswordTypeTest.java |  2 +-
 .../wss4j/dom/message/SignatureCertTest.java       |  4 +-
 .../wss4j/dom/message/SignaturePartsTest.java      |  2 +
 .../apache/wss4j/dom/message/SignatureTest.java    | 12 ++--
 .../apache/wss4j/dom/message/SignedBSTTest.java    |  3 +-
 .../wss4j/dom/message/UsernameTokenTest.java       |  4 +-
 .../wss4j/dom/message/XOPAttachmentTest.java       |  4 +-
 .../dom/saml/SamlTokenCustomSignatureTest.java     |  3 +-
 .../apache/wss4j/stax/test/AbstractTestBase.java   | 19 +-----
 .../apache/wss4j/stax/test/SignatureCRLTest.java   |  3 +-
 .../stax/test/SignatureCertConstaintsTest.java     |  3 +-
 .../test/SignatureIssuerCertConstaintsTest.java    |  3 +-
 23 files changed, 70 insertions(+), 172 deletions(-)

diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
index 393a4bd94..0b900cd92 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ActionUtils.java
@@ -19,9 +19,13 @@
 
 package org.apache.wss4j.dom.action;
 
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.handler.RequestData;
 
 public final class ActionUtils {
     
@@ -67,4 +71,32 @@ public final class ActionUtils {
         return new WSPasswordCallback(username, reason);
     }
 
+    /**
+     * Configure a password callback (WSPasswordCallback object) from a 
CallbackHandler instance
+     * @param callbackHandler The CallbackHandler to use
+     * @param pwCb The WSPasswordCallback to supply to the CallbackHandler
+     * @param requestData The RequestData which supplies the message context
+     * @throws WSSecurityException
+     */
+    public static void performPasswordCallback(
+         CallbackHandler callbackHandler,
+         WSPasswordCallback pwCb,
+         RequestData requestData
+    ) throws WSSecurityException {
+
+        if (callbackHandler != null) {
+            Callback[] callbacks = new Callback[1];
+            callbacks[0] = pwCb;
+            //
+            // Call back the application to get the password
+            //
+            try {
+                callbackHandler.handle(callbacks);
+            } catch (Exception e) {
+                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
+                        "empty", new Object[] {"WSHandler: password callback 
failed"});
+            }
+        }
+    }
+
 }
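Review bot: When `callbackHandler` is null, the new static `performPasswordCallback` returns without touching `pwCb`, so the case that the removed `WSHandler` version rejected with a `WSSecurityException` (no handler and no password) now passes silently. Callers such as `SAMLTokenSignedAction` and `UsernameTokenAction` read `pwCb.getPassword()` on the following lines and would continue with what is presumably a null password; the same holds for the other four action hunks in this commit. If a handler is meant to be mandatory, fail closed with an `else` branch such as `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[] {"WSHandler: no password callback handler configured"});`. The `requestData` parameter is no longer read, so its Javadoc line ("supplies the message context") should be reworded or the parameter marked unused, and the bare `@throws WSSecurityException` should state that it is raised when the handler's `handle` call fails.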
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
index ac305d1d8..4e7bfa160 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
@@ -58,7 +58,7 @@ public class EncryptionDerivedAction extends 
AbstractDerivedAction implements Ac
         }
 
         WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(encryptionToken.getUser(), 
WSConstants.DKT_ENCR);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+        ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
 
         WSSecDKEncrypt wsEncrypt = new WSSecDKEncrypt(reqData.getSecHeader());
         wsEncrypt.setIdAllocator(reqData.getWssConfig().getIdAllocator());
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
index b41111b3a..b8720ef1d 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
@@ -98,7 +98,7 @@ public class SAMLTokenSignedAction implements Action {
         }
 
         WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(signatureToken.getUser(), 
WSConstants.ST_SIGNED);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+        ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
 
         wsSign.setUserInfo(signatureToken.getUser(), pwCb.getPassword());
 
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
index bfb24dddd..aab7506c5 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
@@ -53,7 +53,7 @@ public class SignatureAction implements Action {
         }
 
         WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(signatureToken.getUser(), 
WSConstants.SIGN);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+        ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
 
         WSSecSignature wsSign = new WSSecSignature(reqData.getSecHeader());
         wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
index cae496352..c170b34f9 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
@@ -59,7 +59,7 @@ public class SignatureDerivedAction extends 
AbstractDerivedAction implements Act
         }
 
         WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(signatureToken.getUser(), 
WSConstants.DKT_SIGN);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+        ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
       
         WSSecDKSign wsSign = new WSSecDKSign(reqData.getSecHeader());
         wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
index fc90e1b21..39450d709 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
@@ -39,7 +39,7 @@ public class UsernameTokenAction implements Action {
             CallbackHandler callbackHandler = reqData.getCallbackHandler();
 
             WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(reqData.getUsername(), WSConstants.UT);
-            handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+            ActionUtils.performPasswordCallback(callbackHandler, pwCb, 
reqData);
             
             username = pwCb.getIdentifier();
             password = pwCb.getPassword();
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
index dd3174083..138a58d10 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
@@ -52,7 +52,7 @@ public class UsernameTokenSignedAction implements Action {
         CallbackHandler callbackHandler = reqData.getCallbackHandler();
  
         WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback(reqData.getUsername(), 
WSConstants.UT_SIGN);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
+        ActionUtils.performPasswordCallback(callbackHandler, pwCb, reqData);
 
         if (reqData.getUsername() == null) {
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUser");
diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
index d54a7c9ee..7f01d3bfa 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
@@ -25,7 +25,6 @@ import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.wss4j.dom.WSConstants;
@@ -42,7 +41,6 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.dom.message.WSSecHeader;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.common.util.XMLUtils;
@@ -1143,47 +1141,6 @@ public abstract class WSHandler {
         return passwordEncryptor;
     }
 
-    /**
-     * Configure a password callback (WSPasswordCallback object) from a 
CallbackHandler instance
-     * @param callbackHandler The CallbackHandler to use
-     * @param pwCb The WSPasswordCallback to supply to the CallbackHandler
-     * @param requestData The RequestData which supplies the message context
-     * @throws WSSecurityException
-     */
-    public void performPasswordCallback(
-         CallbackHandler callbackHandler,
-         WSPasswordCallback pwCb,
-         RequestData requestData
-    ) throws WSSecurityException {
-
-        if (callbackHandler != null) {
-            Callback[] callbacks = new Callback[1];
-            callbacks[0] = pwCb;
-            //
-            // Call back the application to get the password
-            //
-            try {
-                callbackHandler.handle(callbacks);
-            } catch (Exception e) {
-                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
-                        "empty", new Object[] {"WSHandler: password callback 
failed"});
-            }
-        } else {
-            //
-            // If a callback isn't configured then try to get the password
-            // from the message context
-            //
-            String password = getPassword(requestData.getMsgContext());
-            if (password == null) {
-                String err = "provided null or empty password";
-                throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                        "empty",
-                        new Object[] {"WSHandler: application " + err});
-            }
-            pwCb.setPassword(password);
-        }
-    }
-
     private void splitEncParts(boolean required, String tmpS,
                                List<WSEncryptionPart> parts, RequestData 
reqData)
         throws WSSecurityException {
@@ -1427,8 +1384,4 @@ public abstract class WSHandler {
     public abstract void setProperty(Object msgContext, String key,
             Object value);
 
-
-    public abstract String getPassword(Object msgContext);
-
-    public abstract void setPassword(Object msgContext, String password);
 }
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomHandler.java 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomHandler.java
index 39b68ef2d..8023e203e 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomHandler.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/CustomHandler.java
@@ -67,18 +67,6 @@ public class CustomHandler extends WSHandler {
         return null;
     }
 
-    public void
-    setPassword(Object msgContext, String password) {
-    }
-
-    public String
-    getPassword(Object msgContext) {
-        if (msgContext instanceof Map<?,?>) {
-            return (String)((Map<?,?>)msgContext).get("password");
-        }
-        return null;
-    }
-
     public void send(
         Document doc,
         RequestData reqData,
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
index 5f64f64b8..959659b9c 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/SignatureConfirmationTest.java
@@ -75,7 +75,7 @@ public class SignatureConfirmationTest {
         java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
         msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
"true");
         msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        msgContext.put("password", "security");
+        msgContext.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(msgContext);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
@@ -116,7 +116,7 @@ public class SignatureConfirmationTest {
         java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
         msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
"false");
         msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        msgContext.put("password", "security");
+        msgContext.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(msgContext);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
@@ -155,7 +155,7 @@ public class SignatureConfirmationTest {
         java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
         msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
"true");
         msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        msgContext.put("password", "security");
+        msgContext.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(msgContext);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
@@ -220,7 +220,7 @@ public class SignatureConfirmationTest {
         java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
         msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
"true");
         msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        msgContext.put("password", "security");
+        msgContext.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(msgContext);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
@@ -320,7 +320,7 @@ public class SignatureConfirmationTest {
         java.util.Map<String, Object> msgContext = new java.util.TreeMap<>();
         msgContext.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, 
"true");
         msgContext.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        msgContext.put("password", "security");
+        msgContext.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(msgContext);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
index 25a9e8b54..d747d1ec9 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/handler/WSHandlerGetPasswordTest.java
@@ -23,14 +23,12 @@ import java.util.Collections;
 
 import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.action.ActionUtils;
 import org.apache.wss4j.dom.common.CustomHandler;
 
 import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
 import org.apache.wss4j.dom.engine.WSSConfig;
 
 import org.junit.jupiter.api.Test;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.w3c.dom.Document;
 
@@ -47,71 +45,6 @@ public class WSHandlerGetPasswordTest {
         org.slf4j.LoggerFactory.getLogger(WSHandlerGetPasswordTest.class);
     private CallbackHandler callbackHandler = new 
UsernamePasswordCallbackHandler();
 
-    /**
-     * A unit test for WSHandler.getPassword(...), where the password is 
obtained
-     * from the Message Context.
-     */
-    @Test
-    public void
-    testGetPasswordRequestContextUnit() throws Exception {
-
-        final WSSConfig cfg = WSSConfig.getNewInstance();
-        final RequestData reqData = new RequestData();
-        reqData.setWssConfig(cfg);
-        java.util.Map<String, Object> messageContext = new 
java.util.TreeMap<>();
-        messageContext.put("password", "securityPassword");
-        reqData.setMsgContext(messageContext);
-
-        WSHandler handler = new CustomHandler();
-        CallbackHandler callbackHandler =
-            handler.getCallbackHandler("SomeCallbackTag", "SomeCallbackRef", 
reqData);
-
-        WSPasswordCallback pwCb = 
ActionUtils.constructPasswordCallback("alice", WSConstants.UT);
-        handler.performPasswordCallback(callbackHandler, pwCb, reqData);
-
-        assertTrue("alice".equals(pwCb.getIdentifier()));
-        assertTrue("securityPassword".equals(pwCb.getPassword()));
-        assertTrue(WSPasswordCallback.USERNAME_TOKEN == pwCb.getUsage());
-    }
-
-    /**
-     * A WSHandler test for WSHandler.getPassword(...), where the password is 
obtained
-     * from the Message Context.
-     */
-    @Test
-    public void
-    testGetPasswordRequestContext() throws Exception {
-
-        final WSSConfig cfg = WSSConfig.getNewInstance();
-        final RequestData reqData = new RequestData();
-        reqData.setWssConfig(cfg);
-        reqData.setUsername("alice");
-        reqData.setPwType(WSConstants.PASSWORD_TEXT);
-        java.util.Map<String, Object> messageContext = new 
java.util.TreeMap<>();
-        messageContext.put("password", "securityPassword");
-        reqData.setMsgContext(messageContext);
-
-        final java.util.List<Integer> actions = new java.util.ArrayList<>();
-        actions.add(WSConstants.UT);
-        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
-        CustomHandler handler = new CustomHandler();
-        HandlerAction action = new HandlerAction(WSConstants.UT);
-        handler.send(
-            doc,
-            reqData,
-            Collections.singletonList(action),
-            true
-        );
-
-        String outputString =
-            XMLUtils.prettyDocumentToString(doc);
-        if (LOG.isDebugEnabled()) {
-            LOG.debug(outputString);
-        }
-        assertTrue(outputString.contains("alice"));
-        assertTrue(outputString.contains("securityPassword"));
-    }
-
     /**
      * A test for WSHandler.getPassword(...), where the password is obtained 
from a
      * Callback Handler, which is placed on the Message Context using a 
reference.
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordTypeTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordTypeTest.java
index ee3024a24..86eae1735 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordTypeTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordTypeTest.java
@@ -167,7 +167,7 @@ public class PasswordTypeTest {
 
         RequestData reqData = new RequestData();
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
-        config.put("password", "verySecret");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
         reqData.setUsername("wernerd");
         reqData.setMsgContext(config);
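Review bot: This test only swaps the `"password"` entry for `PW_CALLBACK_REF`, and nothing in the part of the commit visible here asserts the negative behaviour the commit title promises. The two tests deleted from `WSHandlerGetPasswordTest` covered the old message-context path, but no replacement checks that a `"password"` key in the message context is now ignored. A small regression test would pin this down: configure `config.put("password", "verySecret")` with no callback handler, run the `WSConstants.UT` action, and assert that the output does not contain `verySecret` (or that the send fails, if a missing handler is made an error). Without it, a later refactor could reintroduce the fallback unnoticed.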
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
index 7d1bd025b..edf622b52 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureCertTest.java
@@ -22,7 +22,7 @@ package org.apache.wss4j.dom.message;
 import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.common.CustomHandler;
-
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.engine.WSSecurityEngine;
 import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
@@ -244,7 +244,7 @@ public class SignatureCertTest {
         reqData.setUsername("wss40");
         java.util.Map<String, String> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "wss40.properties");
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_CLASS, 
KeystoreCallbackHandler.class.getName());
         config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
         config.put(WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false");
         reqData.setMsgContext(config);
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
index 00bacd880..2b52a6ae0 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignaturePartsTest.java
@@ -26,6 +26,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.common.WSDataRef;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.common.CustomHandler;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.common.SAML1CallbackHandler;
 
 import org.apache.wss4j.dom.engine.WSSConfig;
@@ -599,6 +600,7 @@ public class SignaturePartsTest {
         config.put(
             WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.SIG_NS + 
"}KeyInfo"
         );
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
index 56f95ba4e..e0da72743 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
@@ -584,7 +584,7 @@ public class SignatureTest {
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         config.put(
             WSHandlerConstants.SIG_ALGO,
             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
@@ -798,7 +798,7 @@ public class SignatureTest {
 
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         config.put(
             WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS + 
"}Timestamp"
         );
@@ -841,7 +841,7 @@ public class SignatureTest {
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         config.put(
             WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS + 
"}Timestamp"
         );
@@ -880,7 +880,7 @@ public class SignatureTest {
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         config.put(
             WSHandlerConstants.SIGNATURE_PARTS, "{}{" + WSConstants.WSU_NS + 
"}Timestamp"
         );
@@ -918,7 +918,7 @@ public class SignatureTest {
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.SIG_C14N_ALGO, 
WSConstants.C14N_WITH_COMMENTS);
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -970,7 +970,7 @@ public class SignatureTest {
         File propsFile = new File(basedir + 
"/src/test/resources/crypto.properties");
 
         config.put(WSHandlerConstants.SIG_PROP_FILE, propsFile.getPath());
-        config.put("password", "security");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
index a08cf1624..cd262b9c6 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignedBSTTest.java
@@ -33,7 +33,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.common.CustomHandler;
-
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.engine.WSSecurityEngine;
 import org.apache.wss4j.dom.handler.HandlerAction;
@@ -136,6 +136,7 @@ public class SignedBSTTest {
             WSHandlerConstants.SIGNATURE_PARTS,
             "{}{" + WSConstants.WSSE_NS + "}BinarySecurityToken"
         );
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
index 7d19d0904..2b2578ec2 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
@@ -814,8 +814,8 @@ public class UsernameTokenTest implements CallbackHandler {
 
         RequestData reqData = new RequestData();
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
-        config.put("password", "verySecret");
         config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setUsername("wernerd");
         reqData.setMsgContext(config);
 
@@ -1109,10 +1109,10 @@ public class UsernameTokenTest implements 
CallbackHandler {
 
         RequestData reqData = new RequestData();
         java.util.Map<String, Object> config = new java.util.TreeMap<>();
-        config.put("password", "verySecret");
         config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
         config.put(WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, "true");
         config.put(WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, "true");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
         reqData.setUsername("wernerd");
         reqData.setMsgContext(config);
 
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
index d46fc1fe8..0a403211f 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/XOPAttachmentTest.java
@@ -601,8 +601,8 @@ public class XOPAttachmentTest {
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
-        config.put("password", "security");
         config.put(WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, "true");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
@@ -651,8 +651,8 @@ public class XOPAttachmentTest {
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.ENC_PROP_FILE, "crypto.properties");
         config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
-        config.put("password", "security");
         config.put(WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, "true");
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
diff --git 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
index eff9fa062..d5c1c916e 100644
--- 
a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
+++ 
b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
@@ -35,6 +35,7 @@ import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.common.CustomHandler;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.common.SAML1CallbackHandler;
 
 import org.apache.wss4j.dom.engine.WSSConfig;
@@ -119,13 +120,13 @@ public class SamlTokenCustomSignatureTest {
 
         Map<String, Object> config = new TreeMap<>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
-        config.put("password", "security");
         config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
         config.put(
             WSHandlerConstants.SIGNATURE_PARTS,
             "{Element}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion"
         );
         config.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+        config.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         reqData.setMsgContext(config);
 
         final Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
diff --git 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
index eaa9706fc..3a77de274 100644
--- 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
+++ 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java
@@ -56,7 +56,6 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.SOAPUtil;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
-
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.engine.WSSecurityEngine;
 import org.apache.wss4j.dom.handler.HandlerAction;
@@ -191,7 +190,7 @@ public abstract class AbstractTestBase {
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", 
"transmitter.jks");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", 
"default");
         
//sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", 
"transmitter");
-        wss4JHandler.setPassword(messageContext, "default");
+        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new 
WSS4JCallbackHandlerImpl());
         messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, "" + 
sigProperties.hashCode());
         messageContext.put("" + sigProperties.hashCode(), sigProperties);
 
@@ -200,7 +199,7 @@ public abstract class AbstractTestBase {
         
encProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", 
"transmitter.jks");
         
encProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", 
"default");
         
//sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", 
"transmitter");
-        wss4JHandler.setPassword(messageContext, "default");
+        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new 
WSS4JCallbackHandlerImpl());
         messageContext.put(WSHandlerConstants.ENCRYPTION_USER, "receiver");
         messageContext.put(WSHandlerConstants.ENC_PROP_REF_ID, "" + 
encProperties.hashCode());
         messageContext.put("" + encProperties.hashCode(), encProperties);
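Review bot: The `messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new WSS4JCallbackHandlerImpl());` added in the encryption block repeats the one added a few lines earlier in the signature block (hunk at -191). Assuming both sit in the same method, which is not visible here, the second instance only replaces the first, and a single registration ahead of both blocks would do. The fallback removed in the following hunk installed the handler only when the context had no `PW_CALLBACK_REF`, whereas these puts are unconditional. It is worth confirming that any caller-supplied handler is copied into `messageContext` after this point, so a test that passes its own handler is not silently overridden.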
@@ -213,9 +212,6 @@ public abstract class AbstractTestBase {
 
         RequestData requestData = new RequestData();
         requestData.setMsgContext(messageContext);
-        if (messageContext.get(WSHandlerConstants.PW_CALLBACK_REF) == null) {
-            requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());
-        }
         requestData.setWssConfig(WSSConfig.getNewInstance());
 
         wss4JHandler.doSender(messageContext, requestData, true);
@@ -607,17 +603,6 @@ public abstract class AbstractTestBase {
             ((Map<String, Object>) msgContext).put(key, value);
         }
 
-        @SuppressWarnings("unchecked")
-        @Override
-        public String getPassword(Object msgContext) {
-            return (String) ((Map<String, Object>) msgContext).get("password");
-        }
-
-        @SuppressWarnings("unchecked")
-        @Override
-        public void setPassword(Object msgContext, String password) {
-            ((Map<String, Object>) msgContext).put("password", password);
-        }
     }
 
     protected class TestSecurityEventListener implements SecurityEventListener 
{
diff --git 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
index 1dc007ef0..04347c762 100644
--- 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
+++ 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCRLTest.java
@@ -32,6 +32,7 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
@@ -149,7 +150,7 @@ public class SignatureCRLTest extends AbstractTestBase {
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", 
"security");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", 
"wss40rev");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.x509crl.file", 
"keys/wss40CACRL.pem");
-        wss4JHandler.setPassword(messageContext, "security");
+        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, "" + 
sigProperties.hashCode());
         messageContext.put("" + sigProperties.hashCode(), sigProperties);
 
diff --git 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
index 8c5705674..252be73e6 100644
--- 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
+++ 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureCertConstaintsTest.java
@@ -34,6 +34,7 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
@@ -184,8 +185,8 @@ public class SignatureCertConstaintsTest extends 
AbstractTestBase {
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", 
"keys/wss40.jks");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", 
"security");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", 
"wss40");
-        wss4JHandler.setPassword(messageContext, "security");
         messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, "" + 
sigProperties.hashCode());
+        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         messageContext.put("" + sigProperties.hashCode(), sigProperties);
 
         Enumeration<?> enumeration = properties.propertyNames();
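Review bot: The new `PW_CALLBACK_REF` line is inserted between the `SIG_PROP_REF_ID` put and the put that stores `sigProperties` under that id, which separates two lines that only make sense together. The matching hunks in SignatureCRLTest and SignatureIssuerCertConstaintsTest place the handler before the `SIG_PROP_REF_ID` line, directly where `wss4JHandler.setPassword(...)` used to be. For consistency, move `messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new KeystoreCallbackHandler());` up one line here as well. The enclosing method continues outside the hunk.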
diff --git 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
index 5392e9ce0..b082fce5f 100644
--- 
a/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
+++ 
b/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureIssuerCertConstaintsTest.java
@@ -34,6 +34,7 @@ import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
 import org.apache.wss4j.dom.handler.RequestData;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSConstants;
@@ -184,7 +185,7 @@ public class SignatureIssuerCertConstaintsTest extends 
AbstractTestBase {
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", 
"keys/wss40.jks");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", 
"security");
         
sigProperties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", 
"wss40");
-        wss4JHandler.setPassword(messageContext, "security");
+        messageContext.put(WSHandlerConstants.PW_CALLBACK_REF, new 
KeystoreCallbackHandler());
         messageContext.put(WSHandlerConstants.SIG_PROP_REF_ID, "" + 
sigProperties.hashCode());
         messageContext.put("" + sigProperties.hashCode(), sigProperties);
 

